Compliance and certification

Eero Öster

Head of Cloud Transformation

Whether you are building a new space station or a new digital platform, you must be able to show that you take potential risks into account, that you have established the necessary security and privacy practices, and that you maintain them in a well-governed process. Our certification services can help you with this.

Together, Nixu Corporation and its independent subsidiary Nixu Certification Ltd. offer a broad range of IT security and privacy audit services.

Our experienced staff who carry out the audits also have real-world experience of demanding IT security management and technical audits, so in addition to a cost-effective audit we can also guide you in the right direction when any problems need to be remediated.

In developing the audit requirements we collaborate with many other organizations, for example with the Cloud Security Alliance on security requirements for cloud providers.

Our constantly growing range of security assessments includes, among others, ISO/IEC audits for cloud, payment systems, identity assurance and automotive systems.

These cover, for example, the standards ISO/IEC 27001, ISO/IEC 27017 (cloud security) and ISO/IEC 27018 (personal data security), PCI DSS, PCI PA-DSS, PCI P2PE, Kantara IAF (identity assurance framework) and MirrorLink audits for automotive systems.

Services

Privacy Consulting

The Personal Data Act and the EU's forthcoming General Data Protection Regulation (GDPR) oblige organizations to protect personal information against unauthorized use.
With Nixu's privacy services, you can ensure that personal information is handled according to laws and regulations, while minimizing information-related risks. Nixu can also help you prepare a privacy policy as well as descriptions of files.

PCI Onsite assessment

PCI Onsite assessment is the assessment service for all parties that store, process or transmit cardholder data. We have experience in assessing different organization types such as large retail chains, small cafés, global service providers, payment gateways, airlines and banks. We don’t only assess, but help the customer in achieving and maintaining compliance as well.

Privacy by design

Our Privacy by Design service aims at introducing privacy-related actions and controls as part of your product development and maintenance process. Our goal is to make your teams self-sufficient by transferring skills and methods such as privacy impact assessments, and by creating privacy requirements for your development teams. Additionally, we will support your legal team with contractual reviews and work with your business to help you differentiate in your market via privacy.

PCI preparation

The PCI Preparation service is the initial step to PCI compliance. We train the customer's key personnel to understand PCI and its requirements. We focus on minimizing the customer's PCI environment so that compliance can be achieved more cost-effectively. The most important outcome of the service is a roadmap that contains clear tasks to be performed in order to become compliant. For each task, a cost estimate is provided and responsibilities are defined. The roadmap can be further refined to become a project plan.

Collaborator security audit

The Collaborator Security Audit Service gives customers the possibility to verify that the security status of their partners and collaborators does not create unacceptable risks, that the contractual requirements for security are followed, and that the processes and security governance of collaborators are sound and follow industry best practices.

PCI PA-DSS Services

PA-DSS services are intended for all vendors that develop payment applications. We can help in preparing for the validation, in remediating the non-conformities and in performing the actual validation. The PA-DSS validation service results in a validated payment application that is listed on the PCI Security Standards Council's web page. In addition, we provide a PA-DSS Preparation service that includes training, gap analysis and a roadmap for achieving the validation. We also provide ongoing support as part of the Nixu Catalyst compliance management and support service.

Blogs

  • White paper: GDPR and reporting obligation in data security breach